v15.0 Stable Release #2 - 47 OVAs, OpenStack and Xen builds

UPDATE: Stage 3 includes 35 additional appliances, including info on 3 new v15.0 appliances, plus other notes of interest. Stage 4, the 4th and final instalment of v15.0, includes the remaining v15.0 appliances, plus a number of bugfixed and updated v15.0 apps - 31 in total. All appliances are available in ISO, OVA/VM, OpenStack, Xen, Docker and Proxmox/LXC builds.

I'm pleased to follow up stage 1 of the v15.0 release with the release of OVA, VM, OpenStack and Xen builds (plus Docker and Proxmox/LXC) for the appliances already released as ISO. This is essentially stage 2 of the v15.0 release.

Stage 2 includes OVA/VM, OpenStack and Xen builds of the 47 appliances already released. This announcement was intended to also include the LXC/Proxmox builds, as well as the Docker builds (and sort of still does). However, a bug has been discovered in TKLBAM when running within a container. So whilst technically they are available, they will be rebuilt to include the fix, hopefully very soon.

Please read on for details. Alternatively, you can skip straight to the appliance links.

Docker and Proxmox/LXC builds - Usable but will be rebuilt

Both the Docker and Proxmox/LXC builds are already available, even though I hadn't intended to announce them yet (bit late now...). Docker builds can be accessed direct from the Docker Hub. The ProxmoxVE builds can be downloaded direct from the Web UI - via "Templates" within the "Storage" section.

As noted above, due to the discovery of a TKLBAM bug, we will rebuild them when we build the next lot of ISOs to Docker and Proxmox/LXC. The fix has already been committed, so it's just a case of rebuilding them. Beyond the fix to TKLBAM, the rebuilt images will be exactly the same as the current images and will keep the "v15.0" version. You can start using them now if you wish. If you don't use TKLBAM, then they should function as expected. If you do wish to use TKLBAM, the workaround is simple:

chmod -x /etc/tklbam/hooks.d/fixclock

Beyond that, I don't have much to add re the Proxmox/LXC builds, other than to note that they now include systemd as the init system (v14.x PVE/LXC builds were still using Sysvinit). The initial boot log is a little more verbose, but otherwise, everything should work as expected. As per usual, the TurnKey Proxmox/LXC builds are primarily aimed at running on ProxmoxVE, but should support vanilla LXC, including our own upcoming and updated LXC appliance.

New Docker versioning scheme

I was going to leave publicising this point until I rebuild the images, but figured I may as well note it now. Even despite the above noted bug, the images are (IMO) better than their v14.2 predecessors.

For v15.0, we have shifted the way that we version the TurnKey Docker builds. Historically we have included the version number in the name of the Docker build. E.g. "wordpress-14.2". Whilst on face value that makes the version easy to spot, it goes against the "tagging" of versions which is generally used by Docker images. So for v15.0, we've moved to the convention of not including the version in the name anymore, e.g. simply "wordpress". Now the version is a tag. We also plan to update the "latest" tag for each release, so as to always point to the latest version of a given appliance.

This will hopefully make getting the latest version of our appliances easier for users. Currently users need to wade through the older appliances first to discover the latest builds (or specifically search for them). And over time, it will also hopefully make our latest appliances more visible to the docker community. Currently the popularity of our appliances is hidden by the fact that "stars" and "pulls" are not accumulated in a single docker image, but spread across the releases.

I still haven't updated the notes (on the Docker Hub) for each of the new appliances. I'm not sure when that will happen, but soon hopefully. I will also need to update the Docker documentation here on the website. But I'll mention it here for now. So to get the v15.0 Docker build, try this:

docker pull turnkeylinux/wordpress

Essentially that is shorthand for this:

docker pull turnkeylinux/wordpress:latest

When we release v15.1, the above commands should then pull the v15.1 build. If you wish, you can specify a particular version like this:

docker pull turnkeylinux/wordpress:15.0

Otherwise, pretty much everything else should work as it did before.
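
The naming change above, as an added example (not TurnKey's own code): a POSIX shell function that classifies an image reference as an old-style versioned name, a pinned version tag, or a floating "latest", so deployments that will move to v15.1 on the next pull can be found. The function names, the registry.example host and the sample references are constructed for illustration.

```shell
# Added example; all image references used below are constructed samples.

is_version() {                      # true for strings such as 14.2 or 15.0
    case $1 in
        ''|*[!0-9.]*|.*|*.) return 1 ;;
        *.*) return 0 ;;
        *) return 1 ;;
    esac
}

# Prints "<kind> <repository> <version>", where kind is one of:
#   legacy   version embedded in the name (pre-v15.0, e.g. wordpress-14.2)
#   pinned   explicit version tag (wordpress:15.0)
#   floating no tag or :latest (moves when the next release is tagged); digest = name@sha256:...
classify_ref() (
    ref=$1
    case $ref in *@*) echo "digest ${ref%%@*} ${ref#*@}"; exit 0 ;; esac
    last=${ref##*/}                 # last path component only, so a registry
    case $last in                   # port (host:5000/name) is not read as a tag
        *:*) tag=${last##*:}; repo=${ref%:*} ;;
        *)   tag=latest;      repo=$ref ;;
    esac
    name=${repo##*/}
    if [ "$name" != "${name%-*}" ] && is_version "${name##*-}"; then
        echo "legacy ${repo%-*} ${name##*-}"
    elif [ "$tag" = latest ]; then
        echo "floating $repo latest"
    else
        echo "pinned $repo $tag"
    fi
)

# Reads one reference per line on stdin, prints how many are floating.
count_floating() (
    n=0
    while IFS= read -r ref; do
        [ -n "$ref" ] || continue
        case $(classify_ref "$ref") in floating*) n=$((n + 1)) ;; esac
    done
    echo "$n"
)

for r in turnkeylinux/wordpress turnkeylinux/wordpress:15.0 \
         turnkeylinux/wordpress-14.2 registry.example:5000/turnkeylinux/lamp; do
    printf '%-45s %s\n' "$r" "$(classify_ref "$r")"
done
```
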

Larger OVA and VM builds

As previously noted, the v15.0 appliances have grown larger than their v14.x counterparts. However, users may notice that the OVAs and VMs have grown even more in size compared to v14.x OVA/VM builds. Ideally we try to keep things as slim as possible, but the reality is that we need to balance usability and user friendliness.

In this instance, we decided that including the kernel headers and the open-vm-tools DKMS packages was a good idea. Whilst it adds a significant size increase to the builds, it will also make life easier for users. It means that even when users update their kernel (e.g. after a kernel security update), their system will be able to build a new kernel module (to match the new kernel). In previous releases, we were pre-building the kernel module and shipping the appliances without the headers and dkms packages. It meant our OVA and VM builds were smaller, but it also would create unexpected issues when there were kernel updates.

Including these packages also marginally reduces our OVA/VM build overhead when we release a new version. But most importantly it means that open-vm-tools won't break after a kernel update. The other options would have been for us to package the kernel modules ourselves, or to leave out open-vm-tools altogether. The former wasn't really an option for us as we already have tons to do and our energy can be spent better elsewhere. The latter was a possibility, but we decided to leave open-vm-tools pre-installed for now. If you think we should ditch them to save a bit of space, please let us know in the comments.

OpenStack and Xen

I don't have a ton to add re the OpenStack and Xen builds, other than to again thank Tomas and his employer, Home at Cloud, for helping out with testing on the OpenStack builds. Tomas noted a few bugs along the way, and I must admit that I have been so eager to release them, that I neglected to get his final approval. However, the last bug reports he provided, I'm pretty sure we've fixed. And even then, they weren't really release show stoppers.

TurnKey and AWS Marketplace builds still outstanding

Apologies to those who are still waiting for the AMIs to be available. I'm currently working with the AWS Marketplace team to get the new builds on to the Marketplace ASAP. We're having a little holdup on that as they are having a few "technical difficulties". Hopefully they'll be ironed out very soon and the first batch of 20 appliances will be up. The appliances will be added in batches of 20, so it will likely take a few weeks before all 47 are up.

As for the Hub, Alon is currently working out the best way of adding the updated builds in a more future proof way. Historically we've just swapped out the old appliances for the new. However, previously the appliances have all at least been the same major version (e.g. v13.x, v14.x) and until v14.2, released at the same time. However, we think that this staged release is a better model and allows us to get builds public quicker. So in an effort to "future proof" further updates, Alon is aiming to provide some support for the different versions. TBH, I'm not at all sure exactly what we'll end up with, but I'm sure it will be both functional and reliable.

Website updates

I have now updated all the appliance pages to include the links for the shiny new v15.0 OVA, VM, OpenStack and Xen builds. I'm leaving the Docker and Proxmox/LXC ones for the moment (until I rebuild). I also still need to update each page to include the updated appliance documentation, such as noting the new "adminer" MySQL user for LAMP appliances and others that include MySQL/MariaDB.

As part of the v15.0 release, I have also been working through the appliance readmes (which are then converted to become the appliance page text) to improve them. The main aim is to include clearer info re which components will need manual security updates from time to time. I've also been including upgrade notes and/or links to upgrade documentation, plus where possible upstream security notifications newsletters/mailing lists/etc.

As I also noted above, I hope to update other docs ASAP, such as the Docker docs. If you spot anything amiss, or think we could improve on the website, please let us know and I'll fix it ASAP.

Drupal 8 Security Issue

As I noted yesterday, the new Drupal 8 appliance already has a security issue! :( I've posted the announcement, but as the issue isn't "critical", I've decided to just unpublish the appliance page here on the website for now. For those that are particularly keen, it can still be found on the mirror - but please ensure that you update Drupal 8 ASAP! I think in future, what may perhaps be even better than unpublishing the appliance page, is to just have some sort of security warning banner?! Although I'm not sure...? Your input is welcome.

Regardless, an updated Drupal 8 appliance will be part of the next release of v15.0 ISO builds. It will be tagged v15.1 so as to avoid confusion. Although perhaps that in and of itself will cause confusion?! :)

Feedback Welcome Encouraged

As per always, we encourage user feedback! So please give them a go and let us know what you think. Comment below, open a new thread in the forums, and/or open a new feature request or bug report on our issue tracker (requires free GitHub user account).

I hope to hear from you soon! :)

Comments

I see many interesting features coming up on Stage 2 - Interested to see them implemented, just can't wait. I am a bit worried about that security issue you mentioned, but I hope it really is not 'critical'. Either way, a good update, thanks!

I know that this post is a little bit old but you made me curious about Drupal and its security issues.
Thank you for sharing
P.S. Since I'm using WordPress more than Drupal, I've seen that Elementor company is building a new site builder for Drupal as they did for WP with huge success.